Why racism is wrong

Denial of individual humanity

The problem with racism is the collectivism—the tribalism—the treatment of people as mere tokens or representatives of their races. That, as it turns out, is a profoundly appalling and consequential attitude to take. Treating people as mere tokens of their race literally dehumanizes them. Why? Because it ignores, often accompanied by great contempt and hatred, the very feature that make a person human: their unique ability of reason, to think things through, to think for themselves, to direct their own lives.

We humans are defined by our rationality, Aristotle said. He wasn't wrong. What distinguishes us is our ability to reason, not just in the sense of making a logical inference here or there (lots of animals can do that), but in the sense that we can reflect deeply and at length about important decisions, the direction of our lives (past, present, and future), our assumptions, and our values. Our ability to think things through, to step back and take stock: that is the nature of human rationality. And that is the thing that makes us human, and that is the thing that makes us each unique, and that it is the thing that is dismissed without a thought by actual racists.

Racists, probably without quite realizing it, make some assumptions when they encounter a member of a disdained race: "This person is merely a representative of that race. His uniqueness does not matter. His difference, his thoughts and values, his humanity—none of that matters. He's fungible, interchangeable, equally worthy of contempt as any other member of his race."

Our rationality, as I described it, is also—as I maintained at length in an essay on this blog—equivalent to our free will. It is also what gives us each our dignity, that which commands a basic sort of respect, no matter what. The reason a person should never, no matter how terrible his crimes, be discarded like only so much trash, is that we wish to respect that feature shared by all the rest of us. A mass murderer may be as awful a person as you can imagine, but no decent, sober person in the light of day wants to torture him to death; to do so would be to, as it were, discard his dignity, his humanity itself.

So we can say just as well that a racist essentially denies the freedom and dignity of members of hated (or disdained) races.

At this point, I should acknowledge that people can be more and less racist. For example, there are people who generally hate members of other races, but make exceptions for religious or political allies or personal acquaintances. They can also be merely biased, tending to discount any individuality and uniqueness of members of a disdained race, but rarely doing so wholly. A complete racist, by contrast, couldn't imagine being friends with the disdained or hated race; one might as well be friends with a slug or a rock, or any other thing that is undifferentiated and worthless. The race per se is dehumanized for the thorough racist.

Dehumanization

Let's talk a bit about what "dehumanizing" means, because I think it's very important to understand, if you want to grasp the awfulness of racism. Perhaps the best way to get a bead on it is to consider some clear examples, of all sorts.

Think of

  • the slaveowner who cannot tell his slaves apart and thinks the only bad thing about beating a slave to death is the loss of labor.
  • the medieval lord who naturally thinks of his serfs as mere animals, like deer or foxes, that are part of the land, and that may be disposed of however he pleases.
  • the soldier at war who so thoroughly hates the enemy that he delights in any enemy deaths, no matter how unjustified.
  • the 19th-century factory owner who quite literally does not care whether the workers live or die, so long as more are available to keep the operation going.
  • the totalitarian leader driving the only expensive vehicle on the city streets, pleasantly regarding of all the people around him as "workers" or the "proletariat" or "das Volk," making plans for punishment of dissidents and hated groups in concentration camps.
  • the KKK member, the new-Nazi, the identitarian, the race purist, the Stormfronter, the troglodyte who utterly and completely hates some race (or several races), who thinks of them as subhuman vermin to be exterminated or, at best, to be avoided at all costs.
  • the true zealots, i.e., those who are so committed to a political ideology or religion that people who do not share it are so far beyond redemption that the zealots literally cannot care whether the heretics (or benighted, etc.) live or die.

There are other categories as well. These aren't the only sorts of people who dehumanize others. Another sort of example would be the criminal sociopath, a genuine misanthrope who lacks a conscience and views all other people as mere tools to be manipulated. Another still would be a truly vicious criminal gang, which views everyone unassociated with the gang to be little more than weak prey.

What all these people have in common is a failure to evaluate others as individuals with a unique mind and the inherent freedom and dignity that go with them. Instead, the dehumanizer regards them as mere instances of some hated, despised, or in any case undifferentiated group: they are mere slaves, mere serfs, mere enemies, mere workers, mere proletarians, mere n‑‑‑‑‑s or Jews, mere heathens, mere [fill in the blank with an epithet for some utterly despised political enemy].

Note that we can have a similar dehumanizing attitude toward groups that it is more popular to hate, such as criminals, pedophiles, and—let's not forget—racists.

So why is racism wrong?

Let's recapitulate a few things. Racism begins by regarding people of the despised race as mere members of that race, i.e., lacking any individual identity worthy of consideration. When racists do not consider others' individual identity, that means they have dehumanized them.

It is the dehumanization aspect of racism that leads racists to do horrible things to others, when they do, things that their victims (unlike, for example, convicted criminals) certainly do not deserve. Notice, this is true of all sorts of dehumanization. We are restrained from particularly brutal, inhumane behavior against people whose shared humanity and equal dignity we acknowledge. If we acknowledge someone's shared humanity, we are generally (except perhaps under duress and other extraordinary circumstances) incapable of flouting that dignity. We might punch someone we respect in the chin, but we won't torture him. We might force a disliked employee to work overtime, but we wouldn't callously put her life in serious danger or consider enslaving her. We might teach or report respected citizens in a biased way, but we wouldn't literally propagandize them or force their minds. There are some things that we simply do not do to our fellow human beings, if we accord them basic dignity.

The denial of a person's humanity—which racism implies—has of course enabled all sorts of inhumane treatment, throughout history, as trivial as snubs that indicate "you mean nothing to me" and as profound as genocide. We might also point out that racism is profoundly and unnecessarily unfair, i.e., it singles out people by race—a feature they didn't choose—for poor treatment. That, I suppose, is so obvious as not to need much further argument. It is, again, that denial of a person's humanity that makes such poor and unfair treatment possible. And that comes back to collectivism: the racist regards the despised race as mere undifferentiated representatives of their race, their individual minds being unworthy of consideration.

The audience of this little essay is not racists; I wouldn't expect racists to be persuaded by my arguments. But maybe some of them will read this. I imagine that the obviousness of the considerations of the last two paragraphs are such that any such racists would be unlikely to be moved to reconsider their racism. After all, no doubt most racists have somehow been confronted with the fundamental inhumanity and unfairness of their attitude. But they can't bring themselves to care.

But I have something else to say to (and about) such people. There's another sort of reason to think racism is wrong that might, perhaps, give some racists pause: racism is extremely bad for the soul. Here I don't mean anything religious (although you can apply the notion in that way if you wish). I mean that racism involves denying your shared humanity with other people who very obviously possess every bit as much dignity and freedom as you. When your hate, contempt, or utter indifference to some other people is so profound that you are incapable of crediting their humanity, something surely must have died within yourself. You, the racist, become the sort of person who is instead capable of monstrous, inhumane behavior. Denial of humanity in others can lead you to inhuman acts. That is how your soul is at risk, so to speak.

Moreover, the collectivism or tribalism that lies at the root of your callous attitude toward others of a disdained race can and probably will be turned on other classes of people. Who knows where, for you and those you influence, it will end? Just for example, the KKK did not stop at hating blacks; they also turned their ire toward Jews, Catholics, and Catholic immigrants (maybe especially the Irish). The roster of groups hated by European fascists (beyond merely the Jews) was also large. The ability to regard all members of any one group as an undifferentiated collective of "vermin" opens your soul up to more of the same, compounding the madness. This will not just harm others, if it does; but it will certainly harm you, the racist, deeply.

If that means nothing to racists, there's nothing that anyone can say to them, surely. But it ought to give them some pause.

I can imagine a committed, acknowledged racist—such people exist—responding that they would never dream of "monstrous, inhumane behavior" toward anyone of the race they hate. They simply want to have nothing to do with them. If you talk to neo-Nazis, some of them do say things like that: the Holocaust (if you can get them to admit that it happened) really was horrible. They just don't want to live in a society with Jews or blacks in it.

So let me be clear: I'm not saying all racists are like the very worst racists. As I said earlier, I know there are gradations of racism. Also, I am not trying to establish an obvious conclusion (that racism is wrong) cheaply, by assuming (falsely) that everyone who deserves to be called a "racist" is capable of participating in lynchings or genocide, for example.

But that isn't how my argument works. My argument is that racism does, in its most extreme or pure form, thoroughly dehumanize its targets. It is that dehumanization—that failure, to some degree or other, to acknowledge our shared humanity and equal dignity—that makes it possible for racists to do some truly awful things.

The thing that makes racism so awful is the dehumanization. As I argued, that is a feature it has in common with other of the most brutally destructive forces in human history: slavery, serfdom, dehumanizing the enemy, abusive labor practices, totalitarianism, zealotry, and true extremism. It's also similar to sociopathy and gangsterism. It's all about denying others their basic humanity: failing to regard them as having independent, unique minds worthy of basic consideration, minds that give us, all of us humans, the free will that gives us our equal dignity.

I wrote this essay primarily to clarify these issues to myself. I don't pretend to be a race theorist, but as with many topics in philosophy, I don't let that stop me from trying to clarify and test my own thinking on a topic. I hope you found this interesting and, whether you think I am right or wrong, I welcome your feedback below.


How and why I transitioned to Linux—how you can, too

Let me briefly tell my Linux story. If you're thinking about moving to Linux, and wondering how you'd do so, it might give you some pointers and inspiration.

The back story

My first introduction to the command line was in the 80s when I first started learning about computers and, like many geeky kids of the time, wrote my first BASIC computer programs. But it wasn't until my job starting Nupedia (and then Wikipedia) that I spent much time on the Bash command line.

(Let me explain. "Bash" means "Bourne-again shell," a rewrite of the class Unix shell "sh." A "shell" is a program for interacting with the computer by processing terse commands to do basic stuff like find and manipulate files; a terminal, or terminal emulator, is a program that runs a shell. The terminal is what shows you that command line, where you type your commands like "move this file there" and "download that file from this web address" and "inject this virus into that database". The default terminal used by Linux Ubuntu, for example, is called Gnome Terminal--which runs Bash, the standard Linux shell.)

Even then (and in the following years when I got into programming again), I didn't learn much beyond things like cd (switch directory) and ls (list directory contents).

It was then, around 2002, that I first decided to install Linux. Back then, maybe the biggest "distro" (flavor of Linux) was Red Hat Linux, so that's what I installed. I remember making a partition (dividing the hard disk into parts, basically) and dual-booting (installing and making it possible to use both) Linux and Windows. It was OK, but it was also rather clunky and much rougher and much less user-friendly than the Windows of the day. So I didn't use it much.

Linux on a virtual machine

When I decided in mid-2016 that I wanted to start learning to program, really really, more seriously this time, I knew I'd have to transition soon to Linux, especially if I was going to learn Ruby on Rails (which I was and am). There's less pressure to do this if you're a Mac user, since modern Macs make a Bash console easily available; OSX is based on Unix and so is a sibling of Linux. Anyway, if you don't want to plunge headfirst into Linux-only or dual-booting, then the Thing To Do, beginners are rightly told, is to install Linux on a virtual machine.

A "virtual machine" (VM) is a program that, generally, runs in Windows or Mac and allows you to run a completely distinct operating system within a window (or in my case, a couple windows, one for each monitor). When I turned on my computer (i.e., the physical machine with the on switch), I booted into Windows as usual. But when I wanted to start programming, I started the VM and, inside the windows that popped up, it looks like a separate Linux computer is running. It's easy to switch back and forth; you can do so with the click of a mouse.

One of the first things I had to decide was which distro (flavor of Linux) to use. Leading distros include Ubuntu, Mint, Debian, Fedora, and CentOS. I chose Ubuntu because it was (and is) popular, relatively stable, well-supported, and relatively easy for newbies to get into. I find Ubuntu running the Gnome desktop environment—I'm not going to bother explaining what that means, but different distros can run different desktop environments—to be a pleasure, as I'll explain later.

My precocious son H., then age 10, had already set up a VirtualBox VM, so I had his help installing Linux in one myself. Installing Ubuntu to a VirtualBox VM is not terribly easy if you've never done it before, but there are plenty of tutorials and free help to be found online. If you're moderately technical, you can do it. It's not that bad.

Why I decided to install Linux on a partition

I used Ubuntu in VirtualBox for a couple years. It was a great way to transition from Windows to Linux; I ran Linux on a VM when studying programming, and I ran Windows for everything else.

Then came 2018, with its stunning revelations and outrages by Facebook, Apple, Google, and others. With privacy and free speech—in short, digital autonomy—deeply under threat, I decided to lock down my cyber-life. (I encourage you to do the same.)

I'd wanted to run Linux on a partition for a long time (doing so is quite a bit faster and more seamless than a VM). But when all these giant, centralized corporations showed such contempt for our privacy (and thus our security) and free speech, I decided that I was going to do all I could to take my data out of their hands. Microsoft is and always has been terrible when it comes to security, but with Windows 10—though admittedly an improvement in UX—they jumped on the privacy-violating bandwagon. Windows 10 bothered me ever since it came out. Now finally I decided I'd have to do something about it.

See, I've always thought information privacy was important, but like many of us, I rationalized the increasingly jaw-dropping privacy violations and security failures by corporations (and government, for that matter) in the last ten years or so as the price we pay for awesome new technology. You know—awesome new tech like Facebook, Twitter, Google Search, Google Chrome, cloud storage, and a free but better-designed operating system like Windows 10 was (at launch). At first, all this seemed indeed worth the price. (Or enough to keep me from taking the privacy issues seriously.) But when these corporations (and government) over and over brazenly demonstrated just how much contempt they have for our information privacy and security, not to mention free speech rights, the bloom was off the rose. Something snapped, and I'm never going back to them.

Privacy matters. A lot. Facebook? Don't need it. I'll be switching back to good old-fashioned email groups soon. Twitter? OK, I might keep it around strictly for advertising purposes, but don't expect much in the way of personal sharing. Google Search? Meh, DuckDuckGo has come a long way and is as good as Google for most (still not all) purposes. Google Chrome is simply not better than privacy-respecting browsers like Brave (my preference) and Firefox. I'll be moving my data to a more secure solution than traditional cloud storage soon.

A few days ago, as I worked through my to do list, I finally decided it was time to ditch Windows and switch to Linux. I still have Windows available for things like Camtasia Studio (video production), but I really don't need it for most purposes.

The switch

There are five basic steps to the process of adding Linux to your Windows or Mac machine:

  1. Pick a distro.
  2. Put the distro on a thumb drive or DVD so you can boot to it from there.
  3. Create a partition big enough for the Linux distro.
  4. Install the Linux distro in the partition.
  5. Configure Linux so you can use it on a daily basis.

I won't explain how to do these things (there are lots of tutorials already available, like this), but here are a few notes. And for the non-techies out there who have bravely read this far, let me tell you: the hardest part of using Linux is installing it. Don't feel bad if you need to get help. Heck, I've installed it myself before my 12-year-old son was born, and I wasn't too proud to get a lot of help from him the second time around! If you don't have a family or friend who can help, and you have to pay a rent-a-geek, it'll be money well spent.

I discussed #1 above. Notes on #2 and #3: Creating a partition is a pretty simple process. But if you're going to use a Linux boot loader (i.e., the thing that tells your computer which operating system to load; I use Grub) then you'll first want to put Linux on a thumb drive, since it's typically quite small and easily fits, and boot to that. Then you'll probably use GParted (the Linux partition software) to actually do the partitioning. You'll want to make sure you actually know what you're doing (so, read up about potential pitfalls) before making any changes. It's also very important to make sure your must-have data is well backed up, because you might lose it. If you do it right, there's little chance you will; but there's always a chance. Also, make sure you allocate reasonable amounts of space to your respective partitions. You don't want to run out of space on either one.

As to #4, actually installing Linux, once the partition is ready, is the easy part. It takes a little while (i.e., waiting), then you set your time zone and a login (very important, as you'll use it a lot), then you're done!

The easiest part is #5, but you're not totally out of the woods yet. The Ubuntu Software app is like a free app store (it's not the only one, of course), and they've made it quite easy to install a lot of software. Especially if you're programming, though, you'll have to use the command line at least sometimes. The most important thing to remember here (and maybe for the whole process) is to do intelligent web searches for help whenever you need it.

There's nothing magical or particularly deep and difficult about any step of this process. It just requires a little bravery, lots of Internet searching, time, and patience, and you can definitely get it done.

So...how is it?

So far, I love using Linux (OS), Ubuntu (distro), Gnome (desktop environment) as my main workstation. I actually hate it when I have to boot up Windows. Not only does it feel clunkier (really) and more unnecessarily bloated, I can't stop thinking about how I don't know what data is being sent to Microsoft.

If you haven't tried Linux for a long time, let me tell you: it has changed a lot from the early days. It is not just more usable than it was, in some ways it is more usable than Windows or Mac, in my opinion, for day-to-day work. I mean, of course this applies if you can deal with a few technical challenges. But if you can, Linux is more usable not just because of the nicer UX available, but also because of how configurable Linux is. You can change almost anything on the system you want. You want a different look and feel? There are apps for that. You want a different sort of app store? There are alternatives. You want something simpler and leaner? Available. Something that looks and feels like Windows or Mac? Available, of course.

One big exception is in installing some technical software that, if you aren't a programmer, you probably won't need to install. If for whatever reason you want or need to start using the command line (for example, running Bash on a terminal like Gnome, as I said above), try this beautifully written tutorial. The command line isn't that difficult to learn, actually. The basics are rather simple once you get the hang of them.

Another big exception lies in the sometimes non-standard and quirky ways the software sometimes behaves. Again, this is much better than it was in days gone by, but quirkiness is still definitely a Linux thing. I guess I don't mind.

A final difficulty is that it has some occasional, and almost always very minor, operating system issues that simply would never crop up for Windows or Mac. This is probably one of the bigger problems and obstacles to wider adoption. I can give you an example from Ubuntu 18.04, which I installed: it has a "memory leak" problem that very slowly and progressively eats up your memory (over the course of days) until you have to reboot. This will be fixed in an update soon if it hasn't been already.

But enough of the negatives. One enormous positive that neither Windows or Mac is likely ever to be able to boast is that it's an operating system that respects your autonomy. You own your system, not Microsoft or Apple. You don't have to ask a giant corporation for permission to do anything. You don't have to worry about them invading your privacy, putting your data at risk of hacking, or censoring you. And you have all the tools you'll need to make the system just the way you like it. That might not sound like a big deal (and maybe it wouldn't be to you), but if you try it, you might find yourself delighted with all the options. I was.

In summary, here are the similarities and difference to a typical desktop (Windows and Mac--I have both) experience:

  • Browsing is exactly the same as in Windows (I use Brave).
  • My mail program is exactly the same (MailSpring).
  • Other apps, like Telegram, Slack, and more, are exactly the same.
  • My password manager is almost exactly the same (Enpass).
  • For the long tail of specialist software, most of it is free, and you don't have to worry nearly as much about downloading viruses. Linux is much harder to hack and hackers rarely try.
  • Finding and loading software is different. It's better in that most of the software is free and quite easy to find, and there's a lot more of it. It's worse, however, in that more technical software (at least, the stuff I use) requires comfort with the command line. This is a deal-breaker for some non-techies, I know. But I think most of the software non-techies use will be pretty easy to install. Ubuntu developers put a great deal of work into usability, and it shows.
  • A lot of the free/open source software for office work is "fine" but will strike experienced MS Office users as a little quirky and clunky in places. Office 360 doesn't run in some flavors of Linux except using Wine, which doesn't always work (my son uses Wine for some purposes). This is one reason I still have a Windows partition going. UPDATE: Wrong. I don't use Office anymore at all. No reason to. LibreOffice (both the word processing and the spreadsheet programs) is great.
  • Linux is generally lean and fast. Unless you install a particularly bloated distro, it's much faster than Windows or Mac on the same machine. This is a very nice benefit.
  • If you're a serious gamer, Linux won't satisfy you (yet). (Some gamers take issue with this, others don't.)
  • It can be subject to very occasional weird but non-serious crashes and problems solved with updates. Don't worry about this, really, it's OK.

Back in 2002 when I was using Linux the first time around, it wasn't really ready for prime time. But it is now. You kind of have to be able to search the Internet and read some technical help pages in order to learn how to use the thing, or get help from someone who can do this. It is, after all, another whole operating system. So, yes, there's still a learning curve. It's not a huge learning curve, though, and not nearly as big as it used to be.

Linux: it's not for just uber-geeks anymore. Admittedly, there is probably a minimum intelligence requirement. But in the not-too-distant future, we might well see a completely foolproof distro.


Why does information privacy matter, again?

It's not just because you are a criminal and the coppers might catch you. Or because you really, really hate big corporations who just want to sell you stuff more easily. Or because you're paranoid.

If that's as far as your thinking goes, when people start talking about "privacy" on the Internet, you really need to bone up on the subject.

You probably already knew that you don't have to be criminal, paranoid, or anti-capitalist to be very jealous of your Internet privacy rights. After all, plenty of law-abiding, merely sensibly cautious, capitalism-loving people are freaking out about the way FAANG (Facebook, Apple, Amazon, Netflix, Google) companies, and many more, are creepily tracking their every move. Then those same corporations are selling the information and making it available to governments (or, at least, not going out of their way to stop governments from getting it).

Are people right to freak out about these privacy violations?

Yes, they are, or so I will argue. The threats come under three heads: corporate, criminal, and government. And let's not forget that in the worst-case scenario, the three heads merge into one.

The corporate threat

Left unchecked, in ten years, some of the biggest, most influential corporations will know (or have ready access to) not just your name, email address, phone number, age, sex/gender, credit card numbers, family relationships, friends, mother's maiden name, first car, favorite food, various social media metrics, browsing history, purchase history, as well as a large collection of content authored and curated by you. That's already bad enough (for reasons I'll explain). But they might add to their dossiers on you such things as your social security number, credit score, criminal record, medical history, voting history, religion, political party, government benefits, and more.

But how? Well, you might have asked that about the first list twenty years ago. How indeed? They'll create must-have devices and services that become very popular. Everybody has to have the device, or the service. Then they'll talk a good game when it comes to your information privacy and security, but they'll get their hands on your medical history, your credit score, your government benefits--and that will be it.

Imagine, too, the possibilities that highly motivated project managers will dream up when they can mash up your growing dossier with data from facial recognition, AI/big data text analysis, and other new technologies.

In such a situation, what information isn't private?

"But I can make up my own mind about what to buy," you say.

Well. Top-flight marketing and product people are, naturally, very good at what they do. It's not an accident that, once everybody and his grandma got online, some of the wretched Mark Zuckerbergs of the world would stumble on some platform that would connect us by our personal relationships, not care one bit about privacy, and hire people who are and become very, very, very good at manipulating us in all sorts of ways. They'll keep us online, give us more reasons to share more information, watch ads, and yes, buy stuff.

But corporate control of your private life is much more insidious than that.

Do you feel quite yourself when you're reading and posting on Facebook and Twitter, shopping on Amazon, watching and commenting on YouTube and Netflix, etc.? I admit it: I don't. We become more irrational when we get on these social networks. Sure, we retain our free will. We can stop ourselves (but often won't). We are the authors of what we write (as influenced by our echo chambers), which reflects our real views (maybe). We could quit (fat chance).

We have become part of a machine, run by massively powerful corporations, with their clever executives at the levers. Only part of what is so offensive about this machine is that we are influenced to buy things we don't need. What about radicalization--being influenced to believe things we haven't thought sufficiently about? What about self-censorship, because the increasingly bold and shameless social media censors (no longer mere "moderators") increasingly require ideological purity? What about the failure to consider options (for shopping, entertainment, socialization, discussion, etc.) that are outside of our preferred, addictive networks?

More importantly perhaps than any of those, what about the opportunity cost of spending our lives coordinated by these networks, with less time for offline creativity, meaningful one-on-one interaction, exercise, focused hard work, self-awareness, and self-doubt?

The machine, in short, robs us of our autonomy. As soon as we started giving up every little bit of information that makes us unique individuals, we empowered executives and technologists to collectivize us. It is not too much of a stretch to call it the beginnings of an engine of totalitarianism.

The criminal threat: privacy means security

If you've never had your credit card charged for stuff you didn't buy, your phone hacked, precious files held hostage by ransomware, your computer made inoperable by a virus, or your identity stolen, then you might not care much about criminal hackers. Several of these things have happened to me, and since I started studying programming and information security, I've become increasingly aware of just how extensive the dangers are.

Here's the relevance to privacy: keeping your information private requires keeping it secure. Privacy and security go hand in hand. If your information isn't private, that means it's not secure, i.e., anybody can easily grab it. You have to think about security if you want to think about privacy.

So, even if you (wrongheadedly) trust the Internet giants not to abuse your information or rob you of your autonomy, you should still consider that you're trusting them with your information security. If a company has your credit card information, government ID number, medical history and health data, or candid opinions, you have to ask yourself: Am I really comfortable with these companies' confident guarantees that my information won't fall into the wrong hands?

If you are, you shouldn't be. Think of all the data hacking of systems that, you might have thought, were surely hacker-proof: giant retailers like Target, internet giants like Facebook, major political parties, and heck, the NSA itself (not just the hack by Snowden).

No, your credit card info is not guaranteed safe just because the corporation storing it makes billions a year.

If you want to keep your information safe from malevolent forces, you shouldn't trust big companies. There are all sorts of ways bad actors can get hold of your information for nefarious purposes. They don't even always have to hack it. Sometimes, they can just legally buy it, a problem that legislation can make better--or worse.

The government threat

Remember when Edward Snowden revealed that the NSA has a (once) secret spy program that actually empowers it to monitor all telephone calls, emails, browser and search histories, and social media use? Remember when we all were shocked to learn that Bush and Obama, Democrats and Republicans had together created a monster of a domestic surveillance program?

I do. I think about it fairly often, although one doesn't hear about it that much, and the programs Edward Snowden uncovered, like NSA's PRISM, have not been canceled. That means (a) everything you do and access online can be put in government hands, whenever they demand it, and (b) it's no more secure than the NSA's security.

Remember when everybody left social media in droves and started locking down their Internet use, because otherwise the NSA would have easy access to their every move?

No, I don't remember that either, because it didn't happen. Nor, sadly, was there a popular revolt to get these programs repealed. I think many of us couldn't really believe it was happening; it just didn't seem real, it seemed to be about terrorists and spies and criminals, without any impact on us.

One thing that bothers me quite a bit is that pretty much the whole Democratic Party thinks Donald Trump is a crypto-Nazi and is one step from instituting fascism—but still, puzzlingly, nobody thinks to observe worriedly that he's in control of the NSA and can find trumped-up excuses to spy on us if he wishes. In other words, if Trump were a fascist and he did turn out to want to start the Fourth Reich here in the good ol' U.S. of A., it doesn't seem to bother many Democrats that Trump holds handy tools to do just that.

Meanwhile, Republicans often think the Democratic Party is beholden to social justice warriors that want to institute socialism, thought policing, censorship, and general totalitarianism. You know--fascism. But they, too, seem strangely uninterested to dismantle government programs that systematically monitor everyone.

Both sides think the other side is just desperate to lord it over us, the innocent, good salt of the earth. But nobody seems to care that the very tools that make a police state worse than 1984 possible are already in place. And they're only too happy to keep building and rewarding a corporate system that feeds directly into the NSA.

Government surveillance isn't that bad! Fascism will never happen here! We can keep putting our entire lives in the hands of giant corporations! So say the people whose direst fear is that the other side will consolidate even more power and start executing their secret desires to institute fascist control.

What to do

But it can happen here. That's why we need to start demanding more privacy from government.

If you're really worried about fascism, then let's defang the monster. Complain more about government programs that systematically violate your privacy rights. After all, knowledge is power, so NSA's PRISM program, and similar surveillance programs in other countries, is really just an undemocratic power grab. With enough of a public uproar, Democrats and Republicans really could get together over what should be a bipartisan concern: shutting down these enormously powerful, secretive government programs.

In the meantime, we need to wake up about our personal privacy.

Look--everything you do online has multiple points of insecurity. If you can see that now, then what's your response? Hope for the best? Throw your hands up in despair? Do nothing? Figure that decent people will eventually "do something" about the problem for you?

Don't count on it. If you aren't ready to start acting on your own behalf, why think your neighbor or your representative will?

Stop giving boatloads of information to giant corporations, especially ones who think you are the product, and contribute to the market for genuinely privacy-respecting products and services. If you don't, you're opening up that information to hackers who will exploit those points of security, and making it easier for governments everywhere to control their people.

Do your personal, familial, and civic duty and start locking down your cyber-life. I am. It'll take some time. But I think it's worth it and, soon, I'll be finished getting everything set up.

What if you and all your family and friends did this? If there were a groundswell of demand for privacy, we might create tools, practices, education, and economies that support privacy properly.

Think of it as cyber-hygiene. You need to wash your data regularly. It's time to learn. Our swinish data habits are really starting to stink the place up, and it's making the executives, criminals, and tyrants think they can rule the sty.


"OK," you say, "I'm convinced. I guess I should start caring about privacy. But really, how deep do I need to go into this privacy stuff, anyway? Well, I've answered that one, too."

Part of a series on how I'm locking down my cyber-life.


Stop giving your information away carelessly!

27 tips for improving your cyber-hygiene

Who is most responsible for your online privacy being violated?

You are.

Privacy is one of the biggest concerns in tech news recently. The importance of personal privacy is something everybody seems to be able to agree on. But if you're concerned about privacy, then you need stop giving your information away willy-nilly. Because you probably are.

Well, maybe you are. See how many of the following best practices you already follow.

  1. Passwords. Install and learn how to use a password manager on all your devices. There are many fine ones on the market.
  2. Let your password manager generate your passwords for you. You never even need to know what your passwords are, once you've got the password managers set up.
  3. Make sure you make a secure password for the password manager!
  4. Stop letting your browser save passwords. Your password manager handles that.
  5. If ever you have reason to send a password to another person online, break it into two or more files (texts, emails, whatever) in different media, then totally delete those files. Also, some password managers help with this.
  6. Credit cards and other personal info. Stop letting your browser save your credit cards. Your password manager handles that.
  7. Stop letting web vendors save your credit card info on their servers, unless absolutely necessary (e.g., for subscriptions). Again, your password manager handles that. Maybe you should go delete them now. I'll wait.
  8. If you give your credit card info out online, always check that the website has the "lock" next to its address on the address bar. That means it uses the https protocol (i.e., uses encryption).
  9. Stop answering "additional security" questions with correct answers, especially correct answers that hackers might discover with research. Treat the answer fields as passwords, and record them in your password manager.
  10. Stop filling out the "optional" information on account registration forms. Give away only the required information.
  11. Americans, for chrissakes stop giving out your social security number and allowing others to use it as an ID, unless absolutely required.
  12. Stop giving your email address out when doing face-to-face purchases. Those companies don't actually need it.
  13. Stop trusting the Internet giants with your data. Consider moving away from Gmail. Google has admitted it reads your mail—all the better to market to you, my dear. Gmail isn't all that, really.
  14. Maintain your own calendar. When meeting, let others add your name, but don't let them add your email address, if you have a choice.
  15. Maintain your own contacts. No need to let one of the Internet giants take control of that for you. It's not that hard. Then have them delete their copies.
  16. If you're an Apple person, stop using iCloud to sync your devices. Use wi-fi instead.
  17. Browser and search engine hygiene. Use a privacy-respecting browser, such as Brave or Firefox. (This will stop your browsing activity from being needlessly shared with Google or Microsoft.)
  18. If you must use a browser without built-in tracking protection (like Chrome), then use a tracker-blocking extension (like Privacy Badger).
  19. Use a privacy-respecting search engine, such as DuckDuckGo or Qwant. (Ditto.)
  20. Social media, if you must. On social media, start learning and taking the privacy settings more seriously. There are many options that allow you to lock down your data to some degree.
  21. Make posts "private" on Facebook, especially if they have any personal details. If you didn't know the difference between "private" and "public" posts, learn this. And a friend says: "Stop playing Facebook quizzes."
  22. Stop digitally labeling your photos and other social posts with time and location. Make sure that data is removed before you post.
    (Putting it in the text description is better.)
  23. For crying out loud, stop posting totally public pictures of your vacation while you are vacation. Those pictures are very interesting to burglars. Wait until you get home, at least.
  24. Sorry, but stop sharing pictures of your children on social. (This is just my opinion. I know you might differ. But it makes me nervous.)
  25. Consider quitting social media altogether. Their business models are extremely hostile to privacy. You (and your private info) are the product, after all.
  26. A couple of obvious(?) last items. Make sure you're using a firewall and some sort of anti-virus software.
  27. Don't be the idiot who opens email attachments from strangers.

How many did you answer "I do that!" to? I scored 22, to be totally honest, but it'll be up to 27 soon. Answer below. Well, answer only if you have a high score, or if you use a pseudonym. I don't want hackers to know who they can hit up for an easy win!


Kick the tech giants out of your life

If you're like me, you feel a need to need to kick the tech giants out of your life. But how? Well, nobody said it would be easy, but I'm actually doing it!

Stop using Google Chrome. Google is contemptuous of your privacy and of free speech. I recommend Brave.

Stop using Google Search. And it tracks you after you search. I recommend DuckDuckGo, with results just as good as Google's 90+% of the time, in my experience.

Stop using Gmail. Look. Gmail is way overrated. And there are many, many other options out there which do not read your mail and extract marketable data.

Stop using Google Contacts and iCloud. Start managing your own contacts and data. There are lots of great tools to do this; it's not that hard.

Shields up on all the tech giants' websites and devices. Dive in to the innards of your settings (or options)—not just a few, all of them, because they like to hide things—and set your privacy settings to max.

Maybe quit social media. Facebook, Twitter, YouTube, and others have becoming increasingly censorious and contemptuous of your privacy. Make them less relevant by spending more time elsewhere, if you can't just quit for good.

Use a password manager. Stop letting your browser track your passwords.

And then, if you want to get serious:

Start learning Linux... Microsoft's problems with privacy and security are famous. Apple has its own too. Well, there are these things called "virtual machines" which make it easy (and free) to install and play with your very own Linux installation. Try it!

...then switch to Linux. If you know how to use Linux, why not make the switch to something more permanent? You can always dual-boot.


How I locked down my passwords

If you’re one of those people who uses the same password for everything, especially if it’s a simple password, you’re a fool and you need to stop. But if you’re going to maintain a zillion different passwords for a zillion different sites, how? Password management software. I’ve been using the free, open source KeePass, which is secure and it works, but it doesn’t integrate well with browsers, or let me save my password date securely in the cloud (or maybe better, on the blockchain). So I’m going to get a better password manager and set it up on all my devices. This is an essential to locking down my cyber-life. One of the ways Facebook, LinkedIn, et al. insinuate themselves in our cyber-lives is by giving us an easy way to log in to other sites. But that makes it easier for them to track us everywhere. Well, if you install a decent password manager, then you don’t have to depend on social login services. Just skip them and use the omnipresent “log in with email” option every time. Your password manager will make it even easier than social login systems did.

You need a password manager

Password management software securely holds your passwords and brings them out, also securely, when you're logging in to websites in your desktop and handheld browsers. Decent browsers (like Brave) make your passwords available for the same purposes, if you let them, but there are strong reasons you shouldn't rely on your browser to act as a password manager.

Instead, for many years I've been using KeyPass, a free (open source) password manager that's been around for quite a while. The problem with KeyPass, as with a lot of open source software, is that it's a bit clunky. I never did get it to play nicely with browsers, and your passwords are saved in a file on your computer and/or in the cloud. If you lose the file, you lose your passwords.

Password managers do, of course, automatically generate passwords and save them securely. They can also (but not all do) store your password database securely in the cloud, so you don't have to worry about losing it (you can export a copy if you like). You can use it on all your devices with equal ease. They'll let you log in with a fingerprint on your phone.

A very nice feature is that they'll securely store payment information, so your browser, websites, and operating system don't have to hold that information. That means you don't have to trust them to manage this information properly. You only need to trust the password manager...

But can you trust password managers?

"Ah," you say, "but can you trust password managers?" That's not a bad or naive question at all; it's an excellent question. Consumer Reports, of all things, weighs in:

By default, LastPass, 1Password, and Dashlane store your password vault on their servers, allowing you to easily sync your data across devices. As a second benefit, if your computer crashes you won’t lose your vault.

But some people just really hate the idea of storing all their passwords on one site in the cloud—no matter what the company promises about its security measures, there's probably a bulls-eye painted on its encrypted back. If that sounds like you, it's possible to store your passwords locally.

Dashlane lets you do this by disabling the “Sync” feature in Preferences. This will delete your vault and its contents from the company’s servers. Of course, any further changes you make to your vault on your computer won’t show up on your other devices.

So what's my take? There are layers upon layers of security protecting your password repository, not least of which is the (hopefully well-chosen) master password to your password database. While you do have to choose the professionalism and honesty of a cloud-based password manager, I think that's their business, so I'm inclined to trust them. But, but!

I ask myself: what is more likely, that they become compromised (for whatever reason—let your imagination run wild) or instead that I lose my master password or all copies of my password database or somehow allow myself to be hacked? I think both are fairly unlikely, first of all. I am certainly inclined to distrust myself, especially over the long haul. And frankly, the idea that a security business is compromised seems unlikely, since security is their business. But could a password manager server be hacked? That is, again, a really good question, and you wouldn't be the first to ask it. Password manager company OneLogin was actually hacked, and the hackers could actually "decrypt encrypted data," the company said. Holy crap!

Also, which is most disastrous? Losing my password file would not be a disaster; I can easily generate new passwords; that's just a pain, not a disaster. But a hacker getting hold of my passwords in the cloud (no matter how unlikely)? That could be pretty damn bad.

After all, especially as password manager companies grow in size (as successful companies are wont to do), they naturally can be expected to become a honeypot for hackers. Another example of a hacked password management company was LastPass, which was hacked in 2015, although without exposing their users' passwords.

If you're like me, you have libertarian concerns about having to trust external entities (and especially, giant corporations) with your entire digital lives. You might also not want to trust (future?) dangerous governments with the power to force those corporations to give access to your entire digital life, then we're no longer talking about anti-crime cybersecurity. Then it looks like you shouldn'tsensibly put your password files in a corporate-managed cloud. Then you're having to trust people a little too much for my comfort. So you should manage their location yourself.

Then there are two further problems. First, can you be sure that it is impossible for anyone at the password management software company to crack your password database, even if you host it yourself? (Do they have a copy? Can they get access to a copy? If they have access, are there any back doors?)

Second, there's the practical issue: Without the cloud, how do you sync your passwords between all your devices? That feature is the main advantage of hosting your passwords in the cloud. So how can you do it automatically, quickly, and easily?

What self-hosted password manager is really secure?

Several password managers use the cloud, but what is stored in the cloud is only the encrypted data. All the login and decryption happens on your local device. This is called zero-knowledge security, and it might be a suitable compromise for many. I have one main issue with this: Especially if the software is proprietary, we must simply trust the company that that is, in fact, how it works. But that's a lot to ask. So I'll pass on these. I'll manage the hosting of my own passwords, thanks very much.

Here are my notes on various password managers:

  1. These all feature zero-knowledge security but seem not to allow the user to turn off cloud sync (maybe they do, I just couldn't find evidence that they do): 1Password, Keeper Password Manager, LastPass, LogMeOnce, Password Boss, Zoho Vault.
  2. Sticky Password Premium: Allows home wifi sync of passwords, which is just fine. Fills out forms, works on all your devices...except Linux devices. Linux does not seem to be supported. Next!
  3. RoboForm: Doesn't have a sync feature without using their cloud service, but hey! It has a Linux version! Might work on Brave, since Brave is built on Chromium and there is a Chrome extension. This was enough for me to install it (and it worked!), but it seems to be rather clunky and there were a few different things that didn't inspire confidence.
  4. Dashlane: This has zero-knowledge security, which isn't a bad thing, but in addition, it allows you disable sync. Whenever you turn it off, the password data is wiped from their servers (so they say). You can turn it on again and sync your devices, then turn it off again. This is within my tolerance. Also, Dashlane has a Linux version. In other respects, Dashlane seems very good. I installed it and input a password. The UX is very inviting—even the Linux version. It's expensive, though: it's a subscription, and it's $40 for the first year (if you use an affiliate link, I guess), and $60 if you buy it direct, which I'm guessing will be the yearly price going forward. That's pretty steep for a password manager.
  5. EnPass: Here's something unusual—a password manager that goes out of its way to support all platforms, including Linux and even Chromebook (not that I'd ever own one of those). Rather than an expensive subscription, like Dashlane, EnPass's desktop app is free, while the mobile version costs $10, and that's a one-time fee. They don't store passwords in the cloud; passwords are stored locally, but EnPass has some built-in ways to sync the passwords (including by wi-fi, like Sticky Password). The autofill apparently doesn't work too well, while more expensive options like Dashlane do this well, and lacks two-factor authentication, which would be nice, and other "luxury" features.

Installation and next steps

Dear reader, I went with EnPass.

So how did I get started? Well, the to do list was fairly substantial. I...

  1. Made a new master password. I read up on the strategy for making a password that is both strong, easy to remember, and easy to type. I ended up inventing my own strategy. (Do that! Be creative!) So my master password ended up being a bit of a compromise. While it's very strong, it's a bit of a pain to type; but it's pretty easy to remember. Whatever master password you chose, just make sure you don't forget it, or you'll lose access to your password database.
  2. Installed EnPass on Windows and Linux and tested it to see if it worked well in both. It does (so far).
  3. Used EnPass to sync the two installations using a cloud service. (I'll be replacing this with Resilio Sync soon enough, so it'll be 100% cloudless.) I confirmed that if I change a password in one, it is synced in the other.
  4. Imported all my Keepass passwords, then tested a bit more on both platforms to make sure nothing surprising is happening. So far, so good. My only misgiving about EnPass so far is that there doesn't seem to be a keyboard shortcut to automatically choose the login info. I actually have to double-click on the item I want, apparently.
  5. Deleted all passwords from all browsers, and ensure that the browser doesn't offer to save new passwords. Let the password manager handle that from now on. (No need for the redundancy; that's a bit of extra and unnecessary risk.)
  6. Installed on my cell phone, synced (without issue), and tested. (Annoyingly, the Enpass iOS app doesn't do autofill, but I gather that's in the plans.)
  7. Installed app and browser plugin on my (Mac) laptop. No issues there either.
  8. Deleted Keepass data in all locations. That's now redundant and a needless risk as well.

I'm now enjoying the new, secure, and easy access to my passwords on all my devices. I'm also happy to be free of browser password managers.

This was installment four in my series on how I'm locking down my cyber-life.


How I set up private email hosting for my family

Here's how I actually set up my own private email hosting—sanger.io! I already finished choosing a private email hosting provider. So what was the next step?

I still had to choose a plan with my chosen provider (InMotion Hosting, which didn't pay me anything for this) and make it official. The details are uninteresting; anybody could do that part.

Now the hard work (such as it was) began. I...

(1) Read over the domain host's getting-started guide for email. InMotion's is here, and if you have a different host, they're bound to have some instructions as well. If you get confused, their excellent customer service department can hold your hand a lot.

(2) Created a sanger.io email address, since that's what they said to do first. In case you want to email me, my username is 'larry'. (Noice and simple, ey?) InMotion let me create an email address, and I was rather confused about how this could possibly work since I hadn't pointed any DNS, hosted by NameCheap, to InMotion.

(3) Chose one of the domain hosts's web app options. For a webmail app (InMotion gave me a choice of three), I went with Horde, which is, not surprisingly, a little bit clunky compared to Gmail, but so far not worse than ZohoMail; we'll see. Unsurprisingly, when I tried to send an email from my old gmail account to my new @sanger.io account, the latter didn't receive it. Definitely need to do some DNS work first...

(4) Pointed my domain name to the right mail server. In technical jargon, I created an MX record on my DNS host. This was surprisingly simple. I just created an MXE Record on NameCheap, my DNS host for sanger.io, and pointed it to an IP address I found on InMotion. So basically, I just found the right place to paste in the IP address, and it was done. Now I can send and receive email via sanger.io (at least via webmail).

(5) Created email addresses for my other family members. Very easy.

(6) Installed a desktop email client. Why? I wasn't using one before because I just used Gmail in a browser and Apple's mail app on my phone. I could keep using webmail (on InMotion) but a desktop client is apt to be nicer. I'd tell you which one I used, but I'm not confident it's particularly good.

(7) Installed a new email client for my phone. As I no longer trust or want to support Apple if I can at all help it, I wanted to stop using their email client. I paid $10 for a privacy-touting mail client which is quite good so far: Canary Mail.

(8) Change the mail address registered with the big, consequential apps and services. This is the most labor-intensive step, and the step I most dreaded. Sure, it was a pain. But it turns out it was tremendously satisfying to be able to tell them to stop using my wretched Gmail address and instead to start using my slick new permanent and personalized address. Was that fun? Heck yeah it was! Anyway, such apps and services include

  • The massive Internet and tech services: Google, Microsoft, Apple.
  • The big social media/community accounts: Facebook, Twitter, YouTube, Quora, Medium, LinkedIn.
  • Companies I pay money to: Amazon, Netflix, PayPal, Patreon, InMotion, GoDaddy, NameCheap, Heroku, LifeLock, The Great Courses, any other bills.
  • Important stuff: my employer, the bank, medical info systems/apps, dentist, Coinbase.
  • Family, friends, and work and business people. Send them the message three times spread over a month or two, because if they're like me, they ignore such emails or don't act on them right away, and some old aunt of mine will keep sending mail to my gmail address for years and years. (I haven't actually done this one yet, but will soon. Gmail makes exporting of all your relevant contact info surprisingly difficult.)

(9) Create a Gmail forwarder! Buh-bye, Google! No need even to visit your crappy, biased, would-be totalitarian service for email any longer.

(10) Clean up and consolidation. There are a zillion little consequences when you change your email on all these big services, and I expect I'll be dealing with the consequences (nothing major!) for a few days or weeks to come. Among the things I know I'll have to do: (a) Install and configure mail clients on my laptop and iPad, and in other ways get those other devices working as expected again. (b) Update various email clients with address book information, as needed. (c) Actually collect my contacts from Google and Apple (harder than it sounds). (d) Change entries in my password manager from @gmail.com to @sanger.io. (e) Actually, get a new password manager...but that's a whole nuther thang. (f) Get Microsoft and Google and whatever else to forget my contacts...ditto.

This was installment three in my series on how I'm locking down my cyber-life.


How I chose an email hosting service to replace Gmail

I want to lock down my cyber-life. One basic constraint is that I want to replace Gmail, and when I do so, I never want to change my email address again. My biggest concern is that I never again want to be beholden to any major Internet corporation that has shown its contempt for privacy and censorship concerns. But if I can get "the last email address I'll ever need" while I'm at it, all the better.

The natural solution is to own my own domain name and seek out email hosting. This is not as difficult as it might sound, but it isn’t as easy as registering a new Google account. But then, that is exactly what Google is counting on: your laziness.

My new address will live at the newly-registered sanger.io domain. I and my family members can have unique and easy to remember email addresses for all the rest of our lives. After purchasing sanger.io (from NameCheap), I listed a number of features I knew I wanted: reasonable price, unlimited (or more than I could reasonably need) email storage space, IMAP support, a webmail app built in to the hosting provider (or else software that they make it easy for me to install on my new domain), and finally, enough email addresses for my purposes.

I ended up weeding out a fair few on grounds that they were too expensive (e.g., ProtonMail) or didn't offer enough storage space or accounts (e.g., NameCheap). I also weeded many out because their Alexa rankings were above 10,000, and while that isn't a total deal-breaker, I didn't want my email host to quit on me, which would be a pain.


Private email hosting comparison (Jan. 2019)

 PriceSpace limitIMAP supportWebmail app# of addressesWeb Hosting Geeks.com ratingIncludes web hosting
BlueHost Plus$5.95/moUnlimitedYesYesUnlimited2.5Yes
InMotion Hosting$6.39/moUnlimitedYesYesUnlimited4.5Yes
Rackspace Email$2/user/mo (so for me, $6/mo)25GB/ accountYesYes1/$2 accountnot reviewedNo
Zoho$3/user/mo (so for me, $9/mo)30GB/ accountYesYes1/$3 accountnot reviewedNo

I also discovered that some competitive email hosting (in the case of BlueHost and InMotionHosting) comes packaged with shared web hosting, which would be handy. I mean, then I could finally ditch GoDaddy, which I've used since time immemorial. (I dislike their upselling and bait-and-switch tactics, and detest their clunky user interface.)

I use Zoho Mail for work, and it's quite decent, but it costs half again as much and doesn't bundle shared web hosting. RackSpace email hosting seems high-quality, but it fails by comparison with BlueHost and InMotionHosting, in that those two offer unlimited email addresses and unlimited email storage space. And between the latter two, InMotionHosting seems to be the better reviewed by WebHostingGeeks.com and in other reviews. Besides, it supports Ruby; I could host my Rails projects there.

I looked at a number of other reviews of InMotionHosting, and it does indeed look good. It also has spam protection (which I didn't think to check on at first), lots of PostgreSQL databases if I want them, and free website data migration from GoDaddy.

I understand that this is not a route that most people will take. Paying for email seems unnecessary, many people would say. And certainly most people don't need their own domain name for email, they think. But just imagine: you can have the same, perfectly appropriate email address for the rest of your life. And you no longer have to feel beholden to the privacy practices of an Internet giant like Google.

Look, you don't have to be an uber-geek to do this. If you can't do it yourself, and you can get a geeky friend to set this up for you—it's not that expensive, and then you'd have your own address forever.

And you'd no longer have to support the growing monster that is Google. Gmail is admittedly a pretty awesome web app, but frankly I find I haven't missed it much when using ZohoMail for work, and I don't even use the Google email client on my phone. So the slightly slicker quality of the Gmail web app really doesn't make that much difference after all.

Next: how I set up my new private email hosting.

This was the second installment in my report about how I'm locking down my cyber-life.


How I'm locking down my cyber-life

Updated March 17, 2019

Two problems of computer technology

My 2019 New Year's resolution (along with getting into shape, of course) is to lock down my cyber-life. This is for two reasons.

First, threats to Internet security of all sorts have evolved beyond the reckoning of most of us, and if you have been paying attention, you wonder what you should really be doing in response. My phone was recently hacked and my Google password reset. The threats can come from criminals, ideological foes and people with a vendetta or a mission (of whatever sort), foreign powers, and—of special concern for some of us—the ubiquitous, massively intrusive ministrations of the tech giants.

Second, the Silicon Valley behemoths have decided to move beyond mere moderation for objectively abusive behavior and shutting down (really obvious) terrorist organizations, to start engaging in viewpoint censorship of conservatives and libertarians. As a free speech libertarian who has lived online for much of my life since 1994, these developments are deeply concerning. The culprits include the so-called FAANG companies (Facebook, Apple, Amazon, Netflix, Google), but to that list we must add YouTube, Twitter, and Microsoft. Many of us have been saying that we must take ourselves out of the hands of these networks—but exactly how to do so is evidently difficult. Still, I'm motivated to try.

1At the root of both problems is simply that the fantastic efficiency and simplicity of computer technology is secured via our participation in networks and EULAs offered by massively rich and powerful corporations. Naturally, because what they offer is so valuable and because it is offered at reasonable prices (often, free), they can demand a great deal of information and control in exchange. This dynamic has led to us (most of us) shipping them boatloads of our data. That's a honeypot for criminals, authoritarians, and marketers, as I've explained in more depth.

There is nothing we can do about it—except to stop participating. That's why I want to kick the tech giants out of my life.

The threat to our privacy undermines some basic principles of the decentralized Internet that blossomed in the 90s and boomed in the 00s. The Establishment has taken over what was once a centerless, mostly privacy-respecting phenomenon of civil society, transforming it into something centralized, invasive, risky, and controlling. What was once the technology of personal autonomy has enabled—as never before—cybercrime, collectivization, mob rule, and censorship.

A plan

I don't propose to try to lead a political fight. I just want to know what can do personally to mitigate my own risks. I don't want to take the easy or even the slightly-difficult route to securing my privacy; I want to be hardcore, if not extreme.

I'm not sure of the complete list of things that I ought to do. I will examine some of these in more depth (in other blog posts, perhaps) before I take action, but others I have already implemented.

  1. Stop using Chrome. (Done.) Google collects massive amounts of information from us via their browser. The good news is that you don't have to use it, if you're among the 62% of people who do. I've been using Firefox; but I haven't been happy about that. The Mozilla organization, which manages the browser, is evidently dominated by the Silicon Valley left; they forced out Brendan Eich, one of the creators of Firefox and the JavaScript programming language, for his political views. Frankly, I don't trust them. I've switched to Eich's newer, privacy-focused browser, Brave. I've had a much better experience using it lately than I had when I first tried it a year or two ago and when it was still on the bleeding edge. Brave automatically blocks ads, trackers, third-party cookies, encrypts your connections—and, unlike Google, they don't have a profile about you (well, it never leaves your machine; the Brave company doesn't have access to it). As a browser, it's quite good and a pleasure to use. It also pays you in crypto for using it. There might be a few rare issues (maybe connected with JavaScript), but when I suspect there's a problem with the browser, I try whatever I'm trying to do in a locked-down version of Firefox, which is now my fallback. There's absolutely no need to use Chrome for anything but testing, and that's only if you're in Web development. By the way, the Brave iOS app is really nice, too.
  2. Stop using Google Search (when possible). (Done.) I understand that sometimes, getting the right answer requires that you use Google, because it does, generally, give the best search results. But I get surprisingly good results from DuckDuckGo, which I've been using for quite a while now. Like Brave and unlike Google, DuckDuckGo doesn't track you and respects your privacy. You're not the product. It is easy to go to your browser's Settings page and switch.
  3. Stop using gmail. (Done.) This was harder, and figuring out and executing the logistics of it was a chore—it involved changing all the accounts, especially the important accounts, that use my gmail address—but I'm totally committed to taking this step. I had wanted to do this for a while, but the sheer number of hours it was going to take (and did take) to make the necessary changes was daunting. Besides, I was tired of switching email addresses. I want to have one email address for the rest of my life. My new email address resides at sanger.io, a domain that my family will be able to use. Here's how I chose an email hosting service to replace Gmail. And here's how I set up private email hosting for my family.
  4. Start using (better) password management software. And never use another social login again. (Done.) If you're one of those people who uses the same password for everything, especially if it's a simple password, you're a fool and you need to stop. But if you're going to maintain a zillion different passwords for a zillion different sites, how? Password management software. I've been using the free, open source KeePass, which is secure and it works, but it doesn't integrate well with browsers, or let me save my password date securely in the cloud (or maybe better, on the blockchain). So I'm going to get a better password manager and set it up on all my devices. This is an essential to locking down my cyber-life. One of the ways Facebook, LinkedIn, et al. insinuate themselves in our cyber-lives is by giving us an easy way to log in to other sites. But that makes it easier for them to track us everywhere. Well, if you install a decent password manager, then you don't have to depend on social login services. Just skip them and use the omnipresent "log in with email" option every time. Your password manager will make it even easier than social login systems did. UPDATE: I switched to EnPass and told browsers to stop tracking my passwords. Read more.
  5. Stop using iCloud to sync your iPhone data with your desktop and laptop data; replace it with wi-fi sync. (Done.) If you must use a smartphone, and if (like mine) it's an iPhone, then at least stop putting all your precious data on Apple servers, i.e., on iCloud. It's very easy to do. After you do that, you can go tell iTunes to sync your contacts, calendars, and other information via wi-fi; here's how. And I'm sorry to break it to you, but Apple really ain't all that.
  6. Take control of my contact and friend lists. (Partly done.) I've been giving Google, Apple, and Microsoft too much authority to manage my contacts for me, and I've shared my Facebook and other friends lists too much. I'm not sure I want these contacts knowing my contacts and friends, period. I don't know what they're doing with the information, or who they're sharing it with, really. Besides, if my friends play fast and loose with privacy settings, my privacy can suffer—and vice-versa. So I'm going to start maintaining my own contacts, thanks very much, and delete the lists I've given to Google and Microsoft. I'm glad I've already stopped putting this information on iCloud.
  7. Stop using gcal. (Not started.) I just don't trust Google with this information, and frankly, gcal isn't all that. I mean, it's OK. The only inconvenience is that I'm going to have to tell my workmates I don't use it, but that they should put my name in without my email address, and I'll add the appointment to my own calendar. This will involve installing a calendar app on my phone (I don't want to keep using Apple's) and figuring out how to sync my calendar data without the cloud, so I still have up-to-date copies of on all my devices.
  8. Switch to Linux. (Done.) I used a Linux (Ubuntu) virtual machine for programming for a while. Linux is stable and usable for most purposes. It still has very minor usability issues for beginners. If you're up to speed, in which case, it's simply better than Windows or Mac, period, in almost every way. On balance the "beginner" issues aren't nearly as severe as those associated with using products by Microsoft and Apple. I've put Ubuntu on a partition on my workstation, and switched to that as my main work environment. I also gave away my Mac laptop and got a new laptop, on which I did a clean install, also of Ubuntu. Linux is generally more secure, gives the user more control, and most importantly does not have a giant multinational corporation behind it that wants to take and sell your information. Read more about how I switched to Ubuntu on my desktop and also my laptop.
  9. Nail down a backup plan. (In progress.) If you're going to avoid using so much centralized and cloud software, you've got to think not just about security but about backing up your data. I've got a monster of a backup drive, as well as backup software and knowledge of how to use it, but what I don't have are excellent habits to use this stuff regularly. I don't even have regularly-scheduled backups, which I really should do. But really getting my old files organized, especially if I want to keep copies of my old emails instead of relying on frickin' Google to do it—and doubly so if I want to download my old gmail stuff, or even (gasp) not use a cloud storage service at all.
  10. Stop using cloud storage. (Done.) "Now," you're going to tell me, "you're getting unreasonable. This is out of hand. Not back up to Dropbox, iCloud, Google Drive, Box, or OneDrive? Not have the convenience of having the same files on all my machines equally available? Are you crazy?" I'm not crazy. You might not realize what is now possible without the cloud. If you're serious about this privacy stuff and you really don't trust big tech anymore—I sure don't—then yeah. This is necessary too. One option is Resilio Sync, moving files between your devices via deeply encrypted networks (via a modified version of the BitTorrent protocol), with the files never landing anywhere but on your devices. Another option is to use a NAS (network attached storage device), which is basically your very own cloud server that only you can access, but you can access it from anywhere via an encrypted Internet connection. There are also open source Dropbox competitors that do use the cloud (the term to search for is "zero-knowledge encryption"), but which are arguably more secure; at any rate, you're in control of them. Yet another option is to run a cloud server from your desktop (if it's always on), using something like NextCloud. The solution I went with was Resilio Sync; read more.
  11. Quit social media, or at least nail down a sensible social media use policy. (Done.) I'm extremely ambivalent about my ongoing use of social media. I took a break for over a month (which was nice), but I decided that it is too important for my career to be plugged in to the most common networks. If I'm going to use them, I feel like I need to create a set of rules for myself to follow—so I don't get sucked back in. I also want to reconsider how I might use alternative social networks, like Gab (which has problems), and social media tools that make it easy both to post and to keep an easily-accessible archive of my posts. One of my biggest problems with all social media networks is that they make it extremely difficult to download and control your own friggin' data—how dare they. Well, there are tools to take care of that... Anyway, you can read more about how I settled on a social media use policy.
  12. Study and make use of website/service/device privacy options. (In progress.) Google, Apple, Facebook, Twitter, YouTube, etc., all have privacy policies and options available to the user. It is time to study and regularly review them, and put shields up to maximum. Of course, it's better if I can switch to services that don't pose privacy threats.
  13. Also study the privacy of other categories of data. Banking data, health data, travel data (via Google, Apple, Uber, Yelp, etc.), shopping data (Amazon, etc.)—it all has unique vulnerabilities that is important to be aware of. I'm not sure I've done all I can to lock it down. So I want to do that.
  14. Subscribe to a VPN. (Done.) Websites can still get quite a bit of info about you from your IP address and by listening in on any data that happens to be unencrypted via your web connection. VPNs solve those problems by making your connection to the Internet anonymous. The big problem with VPNs, and the reason I probably won't do this, is that they slow down your Internet connection. They also add new complexity to your life (e.g., if you get the wrong VPN, you might not be able to connect to some services, like Netflix, through the VPN). But it's a great step to take if you're serious about privacy, if you can get around or handle the slowness problem. A nice fallback is the built-in private windows in Brave that are run on the Tor network, which operates on a similar principle to VPNs. Read more.
  15. Figure out how to change my passwords regularly, maybe. I might want to make a list of all my important passwords and change them quarterly everywhere, as a sort of cyber-hygiene. Why don't we make a practice of this? Because it's a pain in the ass and most people don't know how to use password management software, that's why. Besides, security experts actually discourage regular password changing, but that's mainly because most people are bad at making and tracking secure passwords. Well, if you use password managers, that part isn't so hard. But it's also because we really don't have a realistic plan to do it. Well, I'm going to think hard about making one and, maybe, try to follow it, making use of whatever automated tools are available (such as this).
  16. Get identity theft protection. (Done.) After my phone was hacked, I finally did something I've been meaning to do for a long time—subscribe to an identity theft protection service. The one I use is LifeLock, and so far it seems to be quite good. If you don't know or care about identity theft, that's probably because you've never seen weird charges pop up on your card, or had your card frozen by your bank, or whatever. LifeLock doesn't prevent these issues by itself, but it does make it a lot easier to deal with them if they happen.
  17. Moar privacy thangs. Look into various other things one can do to lock down privacy. Consider the new Purism Librem 5 phone. Look into a physical security key for laptop and desktop. Etc., etc.

What have I left out?

Are you going to join me in this push toward greater privacy and autonomy? Let me know—or, of course, you can keep it to yourself.


A Free Speech Credo

This content is password protected. To view it please enter your password below: